Portable devices and HIPAA are not the best of friends. The advent of portable devices as a means of information sharing has spawned the need to look at the HIPAA Security Rule afresh.
The use of portable devices such as smartphones, tablets, iPads, iPhones, and BlackBerry devices for patient communication is a trend that is catching on like wildfire in the US healthcare sector. This may be great news for the healthcare fraternity, given how much it speeds up information sharing. But it also brings its own unique challenges and concerns as far as HIPAA is concerned, because patient health information security and privacy are the foundation on which HIPAA is built.
It is accepted that the risk of unauthorized disclosure of Protected Health Information (PHI) by anyone in the healthcare loop is higher when information is held on portable devices, because portable devices store data in multiple ways: within the device and in its memory chip.
These devices are designed to record a copy of the data they receive or transmit. What also makes information security on portable devices difficult, if not impossible, is that the widely used methods of encryption software and related authentication measures cannot be used in mobile devices for restriction of data. All of this puts portable devices and the HIPAA Security Rule at loggerheads with each other, so to speak.
The challenges associated with portable devices and HIPAA necessitate a fresh look at the traditional HIPAA safeguards, namely administrative, technical and physical safeguards. Because portable devices and HIPAA pose a challenge to each other, one needs to reframe these safeguards in a new light:
Administrative: Keeping constant and permanent vigil is the only true method of ensuring that portable devices and HIPAA are compatible with each other. Periodic risk assessments have to be conducted of all security aspects of the mobile devices in use in healthcare facilities. Healthcare providers may have to:
Some of the ways by which technical safeguards can be amended to make portable devices and HIPAA work with each other could include:
Portable devices and HIPAA become much more manageable when healthcare providers also ensure that they implement physical safeguards. Some of these: